Skip to main content

Run ToolJet with Docker

Run Pomerium with Docker Compose to secure your ToolJet application.

What is ToolJet?

ToolJet is a self-hosted, low-code platform that helps you build and deploy internal developer tools.

Why use Pomerium with ToolJet?

Pomerium can secure ToolJet by applying policy to your routes that only grants access to ToolJet by to certain users.

ToolJet provides its own RBAC-based permissions and several user authentication flows, so proxied requests will require users to sign in twice.

Before you begin

To complete this guide, you need:

Set up Pomerium

Create a config.yaml file and add the following code:

config.yaml
authenticate_service_url: https://authenticate.localhost.pomerium.io


idp_provider: github
idp_client_id: REPLACE_ME
idp_client_secret: REPLACE_ME

# Update the signing key: https://www.pomerium.com/docs/reference/signing-key
signing_key: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSURRemVZWDZyT2tuemFnTjRJVTYxaEtRc3pzY1EvRllmbzZPcXhWd2YvdGZvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFc1V0V2psYXZ3eHprSU9DVUNDeFVnTDJza2NjL3QxSTFmQXlxUDgrMWw5YU1CWDlzdm1pYgpRajJxcWFUbUJZZWhuQzhmak5LODZmVXhpc3d1SXN5bnp3PT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=

routes:
- from: https://verify.localhost.pomerium.io
to: http://verify:8000
policy:
- allow:
or:
- email:
is: user@example.com
pass_identity_headers: true
- from: https://tooljet.localhost.pomerium.io
to: http://tooljet:80
host_rewrite_header: true
policy:
- allow:
or:
- email:
is: user@example.com

Next, you need to:

  • Update the IdP configuration variables with your own (See the GitHub guide for more information)
  • Replace user@example.com with the email associated with your IdP
  • Generate a signing key

To generate a signing key, use the commands below:

# Generates a P-256 (ES256) signing key
openssl ecparam -genkey -name prime256v1 -noout -out ec_private.pem
# Prints the base64 encoded value of the signing key
cat ec_private.pem | base64

Add the base64-encoded signing key to the signing_key variable in your config.yaml file.

Add Pomerium services to Docker Compose

Update docker-compose.yaml with the following configuration:

docker-compose.yaml
version: "3"
networks:
main: {}
services:
pomerium:
image: pomerium/pomerium:latest
volumes:
## Mount your config file: https://www.pomerium.com/docs/reference/
- ./config.yaml:/pomerium/config.yaml:ro
ports:
- 443:443
## A network alias is only required when using `localhost.pomerium.io`
networks:
main:
aliases:
- authenticate.localhost.pomerium.io
## https://verify.localhost.pomerium.io --> Pomerium --> http://verify
verify:
networks:
main: {}
image: pomerium/verify:latest
expose:
- 8000
tooljet:
networks:
main: {}
tty: true
stdin_open: true
image: tooljet/tooljet-ce:latest
restart: always
env_file: .env
ports:
- 80:80
depends_on:
- postgres
environment:
SERVE_CLIENT: "true"
PORT: "80"
command: npm run start:prod

postgres:
networks:
main: {}
image: postgres:13
restart: always
ports:
- 5432:5432
volumes:
- postgres:/var/lib/postgresql/data
environment:
- POSTGRES_PASSWORD=postgres
volumes:
postgres:
driver: local
driver_opts:
o: bind
type: none
device: ${PWD}/postgres_data
certs:
logs:
fallbackcerts:

This configuration also includes the Docker image to run ToolJet.

Set up ToolJet

In the root folder of your project, create a folder called postgres_data to run ToolJet's in-built PostgreSQL database:

mkdir postgres_data

Add a .env file pre-populated with ToolJet's environment variables:

curl -LO https://raw.githubusercontent.com/ToolJet/ToolJet/main/deploy/docker/.env.example
mv .env.example .env

In your .env file, make the following changes:

For example:

TOOLJET_HOSTNAME=https://tooljet.localhost.pomerium.io

Keep the default values for the database configuration and the other environment variables.

Run ToolJet

Run docker compose up to run your Pomerium and ToolJet containers.

In your terminal, wait until ToolJet is in a ready state:

ToolJet ready state

In your browser, go to the external ToolJet URL to set up your workspace.

Set up ToolJet workspace

Set up your admin account:

Set up admin

Set up your workspace:

Set up ToolJet workspace

Skip the prompts asking for your company information.

You should now be in your ToolJet dashboard.

Invite a user

To invite a user:

  1. Select Workspace settings (the Gear icon)
  2. In the Users & Permissions window, select Invite new user
  3. Enter their details and select Create User
  4. Copy their invite link

Copy invite link

Open the link in a new tab:

Join workspace

Create a password and accept the invite to log in to the workspace.

From here, you can sign in as an admin and create apps within a workspace, create new workspaces, build apps within a given workspace, and configure workplace permissions to manage access and privileges for users and groups within ToolJet.